10.4.9 update plugs a lot of security holes

Just in case you don't run Software Update or read any Mac-related web sites, the United States Computer Emergency Readiness Team (US-CERT) has more details about Apple's Mac OS X 10.4.9 update as well as security update 2007-003. The same information, but in more detail, is available straight from the horse's mouth.

It's customary for Apple to roll earlier security updates into intermediate OS updates such as the 10.4.9 one released earlier this week, but in this case, the 2007-003 update only applies to Mac OS X 10.3.9 Panther installations. Those of us who run Tiger will have to install the 10.4.9 update or forgo the security fixes. The latter isn't advised as the list is long. But wasn't it just a month ago that we saw security update 2007-002 for OS X 10.4.8?

Among other things, the update fixes issues with various types of maliciously-crafted images, the ability for other users to get access to what's typed on the keyboard, and arbitrary code execution as a result of bugs in MySQL, GNU tar, and Software Update itself. A good number of the holes plugged are attributed to the Apple Month of Bugs.

This has the makings of a great drinking game, but be careful: if you take a sip after each occurrence of "maliciously-crafted," "malicious local user," "denial of service," or "arbitrary code execution," you'll be in a coma before reaching the end of the article.

Oh no!

Iljitsch van Beijnum / Iljitsch is a contributing writer at Ars Technica, where he contributes articles about network protocols as well as Apple topics. He is currently finishing his Ph.D. work at the telematics department at Universidad Carlos III de Madrid (UC3M) in Spain.